Granted, I deal only with about 150 users, over about 6 companies, however, I haven't even had a reported case of this worm.
The only excuse for an administrator having a problem with this, is if the patch is incompatible with some or other software.
Any competent administrator knows:
When Microsoft is releasing their patches.
Uses either Software Update Services, or more recently they may be using Windows Server Update Services [microsoft.com] (WSUS).
WSUS works like a charm, you can tell it to check for updates every day, and then all clients on the network can be forced to apply the patches.
There are instances where WSUS cannot really help much:
Laptop users: These users may get infected from their home connection before they get to the office, however, this should not really be able to happen if they are running a personal firewall (such as Windows XP SP2's firewall), and even if they do get infected, the worst possible collateral should be a couple of other, as yet, unpatched laptops on the network.
0 day worms: I would say that, reasonably, you are looking at about 24 hours for all desktop machines to get autopatched. Worms that get made in this time window may be able to sneak in.
Worms which target an unknown vulnerability: Short of ultra-strict firewall policies, as well as no laptop users, a worm like this is more than likely going to cause havoc.
It's called preventative maintenance, you can replace your brakes after they fail, but if you do it before they fail, it saves you having to repair the rest of your car as well.
In summary, all administrators from companies that run a domain controller, and have a reasonable amount of resources should NOT have experienced any major outbreak. So stop whining, clean up your mess, do your job properly now and avoid future problems.
WSUS works like a charm, you can tell it to check for updates every day, and then all clients on the network can be forced to apply the patches. There are instances where WSUS cannot really help much:
Are you running WSUS on W2k, or 2k3?
I've tried getting WSUS going on 2000, but I keep hitting the same snag. Everything installs just peachy, but I can't get to the Admin page to configure the damn thing. I keep getting an unhandled exception related to the .Net framework.
Hate to tell you this, bub, but you and your 150 machines are small-time, so you shouldn't go making broad pronouncements about who's competent or incompetent, based on your limited experience-- you're just a babe in the woods. Any competent administrator of large entities of the sort that are getting hit with these worms knows to never roll out any Microsoft patches without first testing them thoroughly on non-production hardware to see if they break anything important.
That's a fair point about testing any new patches first. I feel an anecdote coming on... A couple of years ago, there was a Windows patch that somehow affected 3dsmax. Files saved from 3dsmax on a patched machine could only be read on other patched machines, while files from unpatched machines could be happily read on either. Much confusion ensued. I think it took a day or so to uncover what was really going on, but it caused us more problems than we'd ever had with viruses.
The only excuse for an administrator having a problem with this, is if the patch is incompatible with some or other software.
I fully understand that patches need to be tested. You know when the patches are about to be released and if 3 days is not good enough, then you need more IT staff, or more standardized hardware/software. In addition to that, allocate users/computers into update groups, and as you test one configuration, update that, test the next, and so on and so forth.
Security rollups and ser
Maybe you can't buy happiness, but these days you can certainly charge it.
Non-issue for any competent admin (Score:2, Informative)
Re:Non-issue for any competent admin (Score:2)
There are instances where WSUS cannot really help much:
Are you running WSUS on W2k, or 2k3?
I've tried getting WSUS going on 2000, but I keep hitting the same snag. Everything installs just peachy, but I can't get to the Admin page to configure the damn thing. I keep getting an unhandled exception related to the
The articles I've found relating to this
Re:Non-issue for any competent admin (Score:1)
Re:Non-issue for any competent admin (Score:1, Insightful)
Any competent administrator of large entities of the sort that are getting hit with these worms knows to never roll out any Microsoft patches without first testing them thoroughly on non-production hardware to see if they break anything important.
Too many companies have gotten burned
Re:Non-issue for any competent admin (Score:2)
A couple of years ago, there was a Windows patch that somehow affected 3dsmax. Files saved from 3dsmax on a patched machine could only be read on other patched machines, while files from unpatched machines could be happily read on either. Much confusion ensued. I think it took a day or so to uncover what was really going on, but it caused us more problems than we'd ever had with viruses.
Quite what the patch or 3dsmax wa
Re:Non-issue for any competent admin (Score:1)